
Due to improper controls, organisations can be defrauded in any number of ways, says IT management company CA Southern Africa. “Most of the fraud occurs through improper segregation of duties, collusion between employees and syndicates as well as malicious system administrators,” it adds.
In line with this, ITWeb in partnership with CA Southern Africa will run an information security survey to establish where companies' security priorities lie, as well as the challenges they face when it comes to information security.
The survey will also convey important information that will help gauge the maturity of South African companies across industries. Ugan Naidoo, MD of CA Southern Africa Security, says it will help create an understanding of how local companies fare against international peers.
Naidoo says a lot of organisations are susceptible to the loss of confidential information as many don't know which information has been classified as confidential or not, and don't even know when this information has leaked.
“Most internal users still retain their access to company systems long after they have left, and businesses have no idea whether or not these users are still logging in, stealing company information,” adds Naidoo.
He states that most information security threats are internal because users have direct access to the company's information assets and can often do whatever they please with it.
“Internal system administrators generally have unrestricted access to the company's information assets, and we see these users as the biggest threat to the confidentiality, integrity and availability of the information assets of companies,” he points out.
Naidoo says it is difficult to completely eradicate fraud, but that it can be managed so its impact is significantly reduced. This can be achieved by implementing proper systems that attest user access to financial and other critical systems, he explains.
“It can also be achieved by implementing systems that stop the leakage of confidential and personal information, as well as by implementing systems lock down in financial and critical systems, so that system administrators can only perform tasks as per their job function,” he notes.
According to Naidoo, a large number of South African companies are very vulnerable to information security threats because they have been led to believe that if they implement anti-virus, firewall and intrusion prevention systems, they are safe.
“We all now know how far from the truth this really is, as security technologies will mitigate no risk if the softer aspects like awareness, processes and policy enforcement are ignored,” he adds.
The South African market is only now coming to terms with the need for a more comprehensive approach to information security, and is not adequately prepared to deal with threats, he concludes.